Security Operations Engineer? Use your skills to fight cancer!

RaySearch develops innovative software solutions to improve cancer care. Over 2,600 clinics in more than 65 countries use RaySearch software to improve treatments and quality of life for patients. RaySearch was founded in 2000 and is listed on Nasdaq Stockholm. Headquarter is in central Stockholm and the company has subsidiaries in the US, Europe and Asia. Today we are more than 380 employees with a common vision in improving cancer care with innovative software. Our great staff is crucial for our success and we offer a fantastic working environment in modern offices, flexibility and good opportunities for development. We believe in equal opportunities, value diversity and work actively to prevent discrimination.

Are you specialized in security operations and want to use your skills to make a difference? RaySearch grows and we need more people who want to be part in fighting cancer with innovative software!

About the role

As Security Operations Engineer, you will have the opportunity to be a key member of the SecOps team at RaySearch. Within this role, you will be responsible for supporting and implementing all aspects of the global data protection compliance strategy and advising on legal matters surrounding data protection/privacy. In this position you will also be responsible for validating the level of compliance and evaluating information security risks across the entire company. The ability to make decisions and influence decisions in the areas of risk management and compliance is key in the role.

You will work closely with the IT, R&D and Service organizations and support them with practical security improvement work and guidance, from an early project state to systems in production. You will also play an important role in the company’s continuous process and regulatory compliance work to make sure we successfully translate requirements and recommendations into working technical solutions.

Your main tasks:

• Support the communication of policies, procedures and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations and controls.
• Support the sales process with compliance of frameworks (e.g., GDPR, HIPAA, ISO 27001).
• Work with subcontractors, to ensure that information security requirements are included in new or renewed contracts to manage third party risk.
• Identify, analyze and prioritize security risks and come up with mitigating solutions.
• Document and communicate security configuration and hardening guidelines for infrastructure components.
• Manage security technology and audit/intrusion systems that consist of Microsoft and other cloud security solutions, data loss prevention, IDS/IPS, Web-Proxy, security audits and more.

As Security Operations Engineer you will work in a varied position and with many contacts, both in Sweden and globally.

Your profile

You have probably been working in the cloud and with the technical side of security operations both on-prem and have a clear understanding of the security level required for a medtech company. You have the historical experience of system lifecycles which is shown by you viewing all systems with scalability and with a long-term security strategy. You are also a team player who prefer to work in close cooperation with other branches within the organization. To enjoy this role, we believe that you appreciate being part of a growing company, where working methods and processes are constantly changing. You are a person with strong analytical skills who keeps track on details. We also think that you are used to take risks into account as well as work with concepts, frameworks, implementation, and objective controlling.

We think that you have:

• Minimum 3 years’ experience of information security work.
• Excellent English communication skills.
• Experience in the latest security principles, techniques and standards.
• Experience in various security systems: intrusion detection systems, anti-virus software, identity management systems, log management, content filtering etc.
• Experience in OWASP, CIS and/or other security standards.
• Experience with vulnerability management and incident response processes.Familiarity with cloud security controls and best practices. Ex: AWS & Azure.

It is an advantage, but not required, if you also have experience in writing and implementing security policies and architectural design documentation.

Application

Please apply to the position through the application form below. Selection and interviews will be ongoing. We do not accept applications by e-mail, but if you have any questions about the position please contact Alinne Andersson (HR).